A Bug In Android Allows Hackers To Control Users' Cameras Even When The Phone Is Locked

When the memory of Facebook’s flaw that lets users’ cameras work behind their back is still fresh, another similar vulnerability is uncovered by Google. This time, it lies in Android.

The bug might serve as a gateway for hackers to record and take pictures by users’ cameras even if the screen is turned off and the phone is locked.

The vulnerability is discovered in the Google Camera app’s permission bypass. It affects Pixel, Samsung’s smartphones, and devices of some other manufacturers.

According to the researchers of this finding, bad actors can take photos and record videos. They can also gain permission to access users’ pictures and footages, as well as the GPS embedded in them. If they want to learn users’ locations, all they have to do is to take pictures and analyze them.

There is a proof-of-concept video uploaded to YouTube by the team that you can watch and learn about the severity of the flaw by yourself.

After the issue is uncovered, Google has confirmed its existence, expressed their gratitude to the researchers for pointing the bug out, and then patch the flaw.

In a statement, Google said that the team of researchers had worked closely with the company and other Android partners to find solutions to the issue. The fix had been released to users via an update of the Google Camera Application users can download on the Play Store. It had been distributed to all partners.

Google has a division called Project Zero that works to discover bugs in iOS. So it is kind of ironic thinking that the company focuses so much on finding the flaws of others and neglect the safety of its own operating system.